Chief Information Security Officer-Remote

100% Remote Full-time Open now

About the position

The Chief of Information Security and Security Officer (CISO) is responsible for providing leadership and operational excellence for developing and supporting security initiatives and policies along with developing strategies to protect sensitive data, managing security risks, investigating and remediating security incidents and promoting security awareness and compliance across the organization. The CISO acts as the primary contact for security-related matters and serves as the organization's HIPAA Security Officer.

Responsibilities

  • Develop and manage a comprehensive information security and risk management program aligned with business objectives and regulatory requirements.

  • Serve as the organization's HIPAA Security Officer and lead all activities related to ensuring the security of protected health information (PHI).

  • Collaborate with executive leadership, legal, compliance, and IT teams to integrate security into all aspects of operations and technology.

  • Serve in a leadership capacity in the execution of the organization's Cyber Incident Response plan, coordinating action, communication, and mitigation efforts in conjunction with Executive Leadership.

  • Keep current with emerging security trends, conduct research and make recommendations for improvements to current processes. Advise, counsel and educate executive and management teams on technology’s relative importance and financial impact.

  • Establish, implement, maintain, and audit information security policies, procedures, and controls in accordance with PathGroup’s Compliance Program, federal laws, and industry-standard best practices.

  • Conduct regular risk assessments and security audits to identify vulnerabilities and recommend mitigations.

  • Oversee security incident response planning and investigation of security breaches, including documentation and reporting.

  • Work closely with the Chief Information Officer and Privacy Officer to develop and administer security awareness training for all employees and contractors.

  • Lead strategic security and incident response planning to achieve business goals by prioritizing defense initiatives through the deployment, monitoring, maintenance, development, and upgrading of current and future security tools, technologies, and systems.

  • Ensure regular risk assessments, penetration testing, and remediation efforts are conducted on a regular and timely basis.

  • Monitor and analyze network and system activity for anomalies and trends to prevent and remediate security incidents in a timely manner.

  • Work with IT to implement secure system configurations and DevSecOps practices.

  • Evaluate third-party vendors and partners for security and compliance posture.

  • Complete all required security assessments from existing or prospective clients.

  • Participate in contract negotiations to ensure appropriate security requirements and data protection terms are in place.

  • Manage the employee hiring process including developing and updating job descriptions, developing performance expectations, identifying essential functions and knowledge, skills and abilities required for applicable positions, and selecting and assigning staff.

  • Supervise and manage employee and team performance by coaching, counseling, motivating, and evaluating employees on a continual basis. Implement disciplinary action as needed and in consultation with Human Resources.

  • Coordinate team projects, schedule work assignments, set priorities, and direct the work of subordinate employees.

  • Ensure effective employee relations by sustaining an ethical, non-discriminatory and safe work environment and establishing effective communication lines and methods. Identify and solve employee problems, manage conflict, and respond to grievances as needed.

  • Perform all job responsibilities in alignment with the industry’s best security practices and regulatory guidelines to protect confidentiality, integrity, and availability of protected health information and other sensitive company data.

  • Must be familiar with and abide by the Corporate Compliance Program and all Corporate policies, including the Privacy and Security policies.

Requirements

  • A bachelor’s degree or the equivalent combination of education and experience in Cybersecurity is required.

  • At least five to ten years of prior job-related experience in Healthcare Information Security is required.

  • In-depth knowledge of HIPAA Security Rule, HITECH, and healthcare regulatory frameworks.

  • Preferred advanced knowledge in at least one of the following cybersecurity frameworks: HITRUST, NIST CSF, ISO 27001.

  • Proven ability to communicate effectively with IT leadership and executive stakeholders.

Nice-to-haves

  • Professional certifications such as CISSP, CISM, CISA, HCISPP, or HITRUST CCSFP.
